def _get_edge_id_by_rtr_id(self, rtr_id, context=None):
if not context:
context = self.context
binding = nsxv_db.get_nsxv_router_binding(
context.session,
rtr_id)
if binding:
return binding['edge_id']
def _get_lb_edge_id(self, context, subnet_id):
"""
Grab the id of an Edge appliance that is connected to subnet_id.
"""
subnet = self.callbacks.plugin.get_subnet(context, subnet_id)
net_id = subnet.get('network_id')
filters = {'network_id': [net_id],
'device_owner': ['network:router_interface']}
attached_routers = self.callbacks.plugin.get_ports(
context.elevated(), filters=filters,
fields=['device_id'])
for attached_router in attached_routers:
router = self.callbacks.plugin.get_router(
context, attached_router['device_id'])
if router['router_type'] == 'exclusive':
rtr_bindings = nsxv_db.get_nsxv_router_binding(
context.session, router['id'])
return rtr_bindings['edge_id']
def _setup_metadata_lb(self, rtr_id, vip, v_port, s_port, member_ips,
proxy_lb=False, context=None):
if context is None:
context = self.context
binding = nsxv_db.get_nsxv_router_binding(context.session, rtr_id)
edge_id = binding['edge_id']
LOG.debug('Setting up Edge device %s', edge_id)
lb_obj = nsxv_lb.NsxvLoadbalancer()
# Create virtual server
virt_srvr = nsxv_lb.NsxvLBVirtualServer(
name='MdSrv',
ip_address=vip,
port=v_port)
# For router Edge, we add X-LB-Proxy-ID header
if not proxy_lb:
md_app_rule = nsxv_lb.NsxvLBAppRule(
'insert-mdp',
'reqadd X-Metadata-Provider:' + edge_id)
virt_srvr.add_app_rule(md_app_rule)
# When shared proxy is configured, insert authentication string
if cfg.CONF.nsxv.metadata_shared_secret:
signature = hmac.new(
cfg.CONF.nsxv.metadata_shared_secret,
edge_id,
hashlib.sha256).hexdigest()
sign_app_rule = nsxv_lb.NsxvLBAppRule(
'insert-auth',
'reqadd X-Metadata-Provider-Signature:' + signature)
virt_srvr.add_app_rule(sign_app_rule)
# Create app profile
# XFF is inserted in router LBs
app_profile = nsxv_lb.NsxvLBAppProfile(
name='MDSrvProxy',
template='HTTP',
insert_xff=not proxy_lb)
virt_srvr.set_app_profile(app_profile)
# Create pool, members and monitor
pool = nsxv_lb.NsxvLBPool(
name='MDSrvPool')
monitor = nsxv_lb.NsxvLBMonitor(
name='MDSrvMon')
pool.add_monitor(monitor)
i = 0
for member_ip in member_ips:
i += 1
member = nsxv_lb.NsxvLBPoolMember(
name='Member-%d' % i,
ip_address=member_ip,
port=s_port,
monitor_port=s_port)
pool.add_member(member)
virt_srvr.set_default_pool(pool)
lb_obj.add_virtual_server(virt_srvr)
lb_obj.submit_to_backend(
self.nsxv_plugin.nsx_v.vcns,
edge_id)
def _get_proxy_edge(self, rtr_ip):
# If DB Entry already defined by another Neutron instance, retrieve
# its IP address and exit
try:
nsxv_db.create_nsxv_internal_edge(
self.context.session,
rtr_ip,
vcns_const.InternalEdgePurposes.INTER_EDGE_PURPOSE,
None)
except db_exc.DBDuplicateEntry:
edge_ip = None
ctr = 0
while edge_ip is None and ctr < EDGE_WAIT_INTERVAL:
rtr_list = nsxv_db.get_nsxv_internal_edge(
self.context.session, rtr_ip)
if rtr_list:
rtr_id = rtr_list[0]['router_id']
if rtr_id:
edge_ip = self._get_edge_internal_ip(rtr_id)
if edge_ip:
return edge_ip
self.context.session.expire_all()
ctr += EDGE_CHECK_INTERVAL
time.sleep(EDGE_CHECK_INTERVAL)
error = _('Metadata proxy creation on other neutron instance '
'timed out')
raise nsxv_exc.NsxPluginException(err_msg=error)
rtr_id = None
try:
router_data = {
'router': {
'name': 'metadata_proxy_router',
'admin_state_up': True,
'router_type': 'exclusive',
'tenant_id': None}}
rtr = self.nsxv_plugin.create_router(
self.context,
router_data,
allow_metadata=False)
rtr_id = rtr['id']
binding = nsxv_db.get_nsxv_router_binding(
self.context.session,
rtr_id)
self.nsxv_plugin.nsx_v.update_interface(
rtr['id'],
binding['edge_id'],
vcns_const.EXTERNAL_VNIC_INDEX,
cfg.CONF.nsxv.mgt_net_moid,
address=rtr_ip,
netmask=cfg.CONF.nsxv.mgt_net_proxy_netmask,
secondary=[])
port_data = {
'port': {
'network_id': self.internal_net,
'name': None,
'admin_state_up': True,
'device_id': rtr_id,
'device_owner': constants.DEVICE_OWNER_ROUTER_INTF,
'fixed_ips': attr.ATTR_NOT_SPECIFIED,
'mac_address': attr.ATTR_NOT_SPECIFIED,
'port_security_enabled': False,
'tenant_id': None}}
port = self.nsxv_plugin.create_port(self.context, port_data)
address_groups = self._get_address_groups(
self.context, self.internal_net, rtr_id, is_proxy=True)
edge_ip = port['fixed_ips'][0]['ip_address']
edge_utils.update_internal_interface(
self.nsxv_plugin.nsx_v, self.context, rtr_id,
self.internal_net, address_groups)
self._setup_metadata_lb(rtr_id,
port['fixed_ips'][0]['ip_address'],
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_port,
cfg.CONF.nsxv.nova_metadata_ips,
proxy_lb=True)
firewall_rule = {
'action': 'allow',
'enabled': True,
'source_ip_address': [INTERNAL_SUBNET]}
edge_utils.update_firewall(
self.nsxv_plugin.nsx_v,
self.context,
rtr_id,
{'firewall_rule_list': [firewall_rule]},
allow_external=False)
if cfg.CONF.nsxv.mgt_net_default_gateway:
self.nsxv_plugin._update_routes(
self.context, rtr_id,
cfg.CONF.nsxv.mgt_net_default_gateway)
nsxv_db.update_nsxv_internal_edge(
self.context.session,
rtr_ip,
rtr_id)
return edge_ip
except Exception as e:
with excutils.save_and_reraise_exception():
nsxv_db.delete_nsxv_internal_edge(
self.context.session,
rtr_ip)
if rtr_id:
self.nsxv_plugin.delete_router(self.context, rtr_id)
LOG.exception(_LE("Exception %s while creating internal edge "
"for metadata service"), e)
def _get_router_edge_id(self, context, router_id):
binding = nsxv_db.get_nsxv_router_binding(context.session, router_id)
return binding['edge_id']
